Method and device for making secure transactions

ABSTRACT

A system and device is described, that allows a user to use the existing credit card processing infrastructure to make a secure stored value transaction over a network. A data storage media read/write device is used to deduct stored value from a user&#39;s data storage media and optionally transfer said stored value over a network to a financial institution, a service provider or a transaction processor. After the deduction of stored value has been completed a limited-use credit card number is provided to the user for use over a network such as the Internet. The limited-use credit card number is complying with the industry standards for credit card numbers and it has a limited life span and/or a limited spending limit corresponding to the amount of the stored value transaction optionally less a transaction fee. Because the limited-use credit card number is only good for the purchase that it was intended for when the user requested to make a secure payment, the risk of credit card fraud is greatly reduced. The financial institution can optionally allow the limited-use credit card number to be used for more than one purchase over a longer period of time than a few minutes. The present invention, while not limited to electronic commerce transactions using a stored value card, is especially suited for smart card payments over communication networks, without requiring payees to invest in smart card processing infrastructure or signing up for smart card payment processing services.

CROSS-REFERENCE TO RELATED APPLICATION

[0001] This application is entitled to the benefit of Provisional Patent Application Ser. No. 60/373,070 filed Apr. 15, 2002.

FEDERALLY SPONSORED RESEARCH

[0002] Not applicable

SEQUENCE LISTING OR PROGRAM

[0003] Not applicable

FIELD OF INVENTION

[0004] This invention relates in general to transactions made over a network such as the Internet. More specifically it relates to secure transactions made over a network using a stored value.

BACKGROUND—TERMINOLOGY

[0005] Data Storage Media

[0006] In the context of the present invention the term data storage medium is used to describe any media that comprises means for storing data.

[0007] A plurality of data storage media are known from prior art. A few examples are mentioned below, it being understood that the few examples by no means constitute a complete list of the data storage media that can be used with the present invention:

[0008] Bar code card

[0009] CD-ROM

[0010] Citizen card

[0011] Compact Disc

[0012] Compact Flash card

[0013] Contact smart card

[0014] Contact-less smart card

[0015] DVD

[0016] Floppy disks

[0017] Hard disks

[0018] IC cards

[0019] Loyalty program card

[0020] Magnetic stripe card

[0021] Memory chip

[0022] Memory module

[0023] Memory stick

[0024] Mini disk

[0025] Payment card

[0026] PC cards

[0027] Phone card

[0028] RAM module

[0029] SIM cards

[0030] Smart Media card

[0031] Stored value card

[0032] Tapes

[0033] Zip disks

[0034] Access cards

[0035] Election cards

[0036] Electronic books

[0037] Identification cards

[0038] USB dongle

[0039] User/Payer

[0040] In the context of the present invention a user is a person or other entity that wishes to transfer stored value from a data storage media to another person or entity. The terms user and payer are used interchangeably.

[0041] Merchant/Payee/Web merchant

[0042] In the context of the present invention a payee is a person or other entity to which a payer whishes to make a payment. Merchants and web merchants are also referred to as payees in the context of the present invention.

[0043] Stored Value/Funds

[0044] In the context of the present invention stored value is used to describe any electronically stored data that can constitute a “stored value”. A plurality of stored value systems are known from prior art. A few examples are mentioned below, it being understood that the few examples by no means constitute a complete list of the stored value systems that can be used with the present invention:

[0045] Electronic cash

[0046] Loyalty points

[0047] Airline miles

[0048] Electronically stored tokens

[0049] Electronically stored points

[0050] Electronically stored coupons

[0051] Prepaid value

[0052] Data Storage Media Read/Write Device

[0053] In the context of the present invention the term data storage media read/write device is used to describe any device that comprises means of reading data from—and/or writing data to data storage media. Optionally the data storage media read/write device comprises means for coupling said device to a computing device or a network.

[0054] For the sake of simplicity the term “card reader” is used in the following to describe a generic data storage media read/write device, it being noted that the data storage media can be any media that comprises means for storing data and that the read/write device can comprise means for both reading data from data storage media and writing data to said media.

[0055] A plurality of data storage media read/write devices are known from prior art. A few examples are mentioned below, it being understood that the few examples by no means constitute a complete list of the data storage media read/write devices that can be used with the present invention:

[0056] Smart card read/write device (both contact/contact-less and hard wired/wire-less)

[0057] Set top boxes

[0058] Cell phones

[0059] PDA's

[0060] Gaming devices

[0061] Satellite receivers

[0062] Point of Sale terminals

[0063] ATM's

[0064] Network

[0065] In the context of the invention the term “network” is used to describe any network where a plurality of computers, computing devices, game devices, communications devices or other electronic devices are linked together, either through at least one server or through peer-to-peer connections. A few examples of such networks are mentioned below, it being understood that the few examples by no means constitute a complete list of the networks that can be used with the present invention:

[0066] Public networks like the Internet

[0067] Proprietary networks like AOL and Compuserve

[0068] Corporate Intranets

[0069] Hotel's internal networks

[0070] Telephone networks

[0071] Cable networks

[0072] The term “network” is used to describe both wired and wireless networks.

[0073] Service Provider

[0074] In the context of the invention the term “service provider” is used to describe any entity which is providing a service to handle transactions as described in the present invention. Such a service provider might typically be a bank or a payment processor. A service provider in the context of the present invention can also conceivably be a merchant or a web merchant, or any other entity providing transaction services.

BACKGROUND—INTRODUCTION TO THE SMART CARD INDUSTRY

[0075] Description of Smart Cards

[0076] The microcircuit of a smart card is usually based on a microprocessor or a micro-controller including memory circuits, for example of the “PROM” or “EPROM” type. Data can be stored in the aforementioned memory circuits, usually in encrypted form. Some common uses of smart cards include storing value, storing information for use for identification purposes, or for access control. The data is read from memory locations and/or written to memory locations.

[0077] Other logical architectures are used in particular for “electronic purse” or similar type applications.

[0078] To read information from a card or write information to a card, a device must be provided wherein a card can be inserted for reading and/or writing data to and from the card. For the sake of simplicity, such a device will be referred to as a “reader” or a smart card reader, it being understood that it can equally write data and perform other ancillary functions (such as electrical power supply, presence tests etc.) referred to hereinafter and in the prior art.

[0079] In all cases a smart card incorporates at least one electronic component which comprises input/output members to which a link must be established, either through an electrical connection (in the case of a contact smart cards) or through a wireless connection (in the case of a contact-less smart cards). Said input-output members are often provided in the form of contact areas, also known as “pads”, flush with the surface of one of the principal faces of the card. Various standards (ISO, AFNOR, etc.) define the position and lay out of these contact areas. They are used not only for the aforementioned data inputs-outputs but also to supply electrical power to the microcircuit and to enable various checks to be carried out, according to the applications concerned (presence test, etc.). Contact smart cards traditionally are formed of a plastic plate having about the same thickness as a credit card, with an integrated circuit imbedded in the plastic and with contact pads on a surface of the card. Such cards come in different sizes, with the large size commonly being about the size of a credit card and with a popular small size being referred to as a MICROSIM or simply SIM card. The prior art has provided a plurality of other forms of smart cards, for example where a microchip is embedded in a key or a device to place on a wrist for access control. Often these devices are referred to as tokens. For the sake of simplicity these tokens are also referred to as cards in the context of the present invention. The form or shape of the smart card is not important to this invention as it can be adapted to be used with any type of Integrated Circuit card, no matter what form or shape.

[0080] Description of Link Between Card and a Computing Device

[0081] The contact smart cards are inserted into connectors that make contact between the contact pads of the card and a plurality of contacts comprised in the connector to establish an electrical connection to the electronic components of a circuit board (such as a PCB).

[0082] The contact-less smart cards uses wireless means of communication, such as Radio Frequencies, to couple the smart card and the electronic components of a PCB. A conductive path is provided on a PCB to form an integral antenna, which is used to communicate with the smart card.

[0083] Smart Cards in Use

[0084] Smart cards are particularly adapted for use in industries requiring strict access or billing control and convenient as well as secure access to sources of payments and information. Such applications include public phones, vending machines, copy machines, laundry machines, public transportation ticketing and portable devices such as cellular phones, pagers, PDA's, laptop computers and other similar electronic devices and also stationary devices such as a PC, a satellite receiver or a telephone. Such cards can also be used in applications relating to payments, identification, loyalty programs, citizen cards, electronic elections, health services, ticketing, security access, software copy-protection, building access and machine controls etc.

[0085] The cards are commonly used to authorize transactions such as purchases of goods, for access control, for identification purposes, and to allow operation of an automobile radio or a lock. Use of smart cards for secure identity authentication purposes and for online payment transactions over the Internet are expected to increase in the next few years.

[0086] Today there are many hundred million smart cards in use around the world. Although many uses have been proposed and developed, today smart cards are mainly used as prepaid phone cards, as Satellite TV cards or as SIM cards in cellular phones.

[0087] In recent years banks and financial institutions have begun to issue smart card credit cards, in order to prepare for the future, merchants have begun to issue smart cards as loyalty cards, government agencies are using smart cards to control access to buildings, transit authorities are using smart cards to store tickets and cities are using them for parking purposes.

[0088] Introduction of the Object of a Smart Card Reader

[0089] In order to effect electrical connection between a contact smart card and the electronic components of a PCB, an electrical connector or smart card reader is employed such that the connector securely accommodates the smart card therein. The connector serves as an interface between a smart card and a reading system that interprets the information contained in the card. A few examples of such reading systems are computers, satellite receivers, cell phones, pay phones, electronic locks etc.

[0090] In order for a user to take full advantage of the possibilities that smart cards offer, in particular to use a smart card over a network connection (such as the Internet), a card reader must be coupled to the user's computing device. The card reader establishes a link between the information comprised in a microchip on the smart card and a computing device such as a PC.

[0091] The participants in the smart card industry such as smart card manufacturers, system providers and card issuers such as banks or credit card companies and different card based loyalty programs, are all facing the same common problem that there is no infrastructure in place, to facilitate the widespread use of smart cards. Once a critical mass of consumers have card readers installed, a number of services such as E-banking are likely to occur.

[0092] As smart cards and card readers become more commonplace, smart card holders find themselves equipped with a card comprising an advanced technology that allows a user to make a “cash” transaction over a network such as the Internet, by transferring a stored value from the card over the network to a receiver such as an internet merchant. This is very much in the interest of consumers because using a smart card to make Internet payments greatly reduces the risk of credit card fraud and identity theft. Because no account—or credit card information is provided to a merchant when using a smart card to make a payment, there is no risk that the card holder's credit card number will later be abused by the merchant or anyone else.

[0093] The Smart Card Industry'S Problem

[0094] Today it is technically possible to make a transaction over a network such as the Internet by transferring an electronically stored value from one point to another. Today smart cards are the preferred solution for storing said “stored value”, but a plurality of other data storage media can also be used for this purpose. In practice a user cannot make a smart card transaction over the I Internet because no online merchants are accepting smart cards as a payment form. The reason is that very few cardholders are equipped with card readers, so web merchants and payment processors have not yet established the systems to deduct a stored value from a user's card and transfer it to the merchant.

[0095] Because only a very limited number of cardholder's have the capability to use their smart card over the Internet, there are almost no possibilities being provided of using a smart card over the Internet. When there is nothing—or very little a card holder can use her smart card for over the Internet, it is not likely that she will invest the time and money to acquire a smart card reader and connect it to her PC. This paradox is one of the main problems that are facing the smart card industry and the card issuers.

[0096] Once merchants begin accepting smart card payments over a network (such as the Internet), it will still require that every merchant invest in payment processing technology, or sign up with a payment processor. This means that even when some merchants begin to accept smart cards as a payment form over a network, a consumer might still often find websites that will not accept smart cards as payment, thus forcing the user to use a regular credit card (with increased risk of fraud) or search for another merchant that have the same goods or services.

DEMANDS

[0097] From the above description, a number of demands become evident:

[0098] Demand for a Secure Online Payments

[0099] There is a demand for consumers to be able to conduct secure online payments, without the high fraud risk associated with traditional credit cards. This is not only a consumer concern but also a major concern of merchants and banks who in many cases must cover the loses related to credit card fraud.

[0100] Demand for Private Online Payments (to Avoid Spam and Telemarketing Sellers)

[0101] There is a demand for a consumer to be able to make a payment, without revealing personal information such as address or email address. There are numerous reports that describe how personal information have been sold to third parties, many times resulting in unwanted junk mail and junk email.

[0102] Demand for Consumers to Make Secure Smart Card Transactions Over a Network

[0103] There is a demand for a solution that allows users to be able to use secure transactions over a network.

[0104] Demand For Providing A Solution That Does Not Require Merchants To Sign Up

[0105] There is a demand for a solution that can allow a user to use a smart card to make a payment over the internet, even if the receiver (such as an online merchant) is not providing the option of paying with smart cards.

[0106] Demand for Making Micro-Payments

[0107] There is a demand for a solution that make it viable for a user to make a Micro-payment over a network.

OBJECTS AND ADVANTAGES

[0108] Objects

[0109] It is an object to provide a secure network payment solution that significantly reduces the risk of credit card fraud compared to the use of regular magnetic stripe credit cards.

[0110] It is an object to enable a user to make a purchase over a network, without providing any irrelevant personal information about the user to the merchant.

[0111] It is an object to provide a solution that allows users to make smart card transactions over a network.

[0112] It is an object to provide a solution that allows a user to make a smart card payment, event to online merchants that does not provide smart cards as a payment option.

[0113] It is an object to provide a solution that will allow a user to make a Micro Payment over the network.

[0114] Advantages

[0115] This system has several advantages:

[0116] 1) It allows a user to make a smart card payment, even if the payee is not capable of accepting smart cards.

[0117] 2) There is no requirements for online merchants, governments and organizations to invest in smart card enabled infrastructure, or to sign up for new payment services.

[0118] 3) The system allows a user to make a payment, without revealing credit card information thus greatly reducing the risk of fraud.

[0119] 4) User's that do not have a credit card can still use the system to make online credit card payments.

[0120] 5) The system allows card issuers to rely on the existing payment processing infrastructure to facilitate stored value transactions.

SUMMARY

[0121] A device and a system is described, that allows a user to make a secure transaction over a network, to make a payment using stored value without any requirement for the payee to be able to accept said stored value as a method of payment. The preferred embodiment of the invention utilizes smart cards as the media on which said stored value is stored but also other data storage media can be used.

[0122] When checking out from an E-commerce website that accepts any means of online payment, a user can opt to have the payment amount plus optional fees deducted from a stored value on a smart card which can optionally be coupled to a network through a card reading device. The stored value is deducted from the user's smart card by a third party such as a payment processing service provider (PPSP). When the PPSP has concluded the transaction and received an amount from the user's card, the user is in turn provided with a limited-use credit card number (and/or other necessary account information) for use in the transaction between the user and the online merchant. The limited-use credit card number can be one of a plurality of numbers that are pre-assigned to the user's account or smart card, or it can be generated from time to time using an algorithm. When the service provider receives the stored value from the user's card, a limited-use credit card number is provided with limited lifespan and spending limits. Because the credit card number is only good for the purchase that it was intended for when the user requested to have an amount deducted from a smart card, the risk of the user getting defrauded in connection with the transaction is eliminated. The service provider can optionally allow that the limited-use credit card number can be used for more than one purchase over a longer period of time than a few minutes.

INTRODUCTION OF PRIOR ART

[0123] The art has utilized a number of limited use credit card number systems as well as anonymous credit card systems.

[0124] US Patent Application US 2001/0047335 A1 discloses a secure transaction method and system to allow for goods or services to be paid for using a limited use credit card number. A limited use credit card number is generated by a customer using a number generating device. The system has the drawback that it relies on the user having a credit account and it does not allow a customer to use a stored value card to make a payment.

[0125] See the following US Patents, each of which is incorporated herein by reference: Inventor U.S. Pat. No. Moreno 4007355 Anderson et al. 4186871 Nagata 4197986 Ugon 4211919 Fak et al. 4214230 Giraud 4215421 Haruki 4219151 Konheim et al 4223403 Atalla 4268715 Giraud 4271482 Stuckert 4277837 Atalla 4283599 Bouricius et al. 4302810 Atalla 4304990 Benton 4305059 Merkle 4309569 Sendrow 4317957 Powell 4320387 Bouricius et al. 4326098 Benton 4341951 Atalla 4357529 Smid et al. 4386233 Chesarek 4386266 Campbell 4408203 Zeidler 4423287 Mueller-Schloer 4438824 de Pommery et al. 4450535 Benton 4454414 Mollier 4467139 Herve 4471216 Decavele et al. 4498000 Chaum 4529870 Atalla et al. 4536647 Ugon 4544833 Saada et al. 4549075 Ugon 4556958 Nagata et al. 4594663 Robert et al. 4612413 Benton et al. 4625276 Pugsley et al. 4629874 White 4630201 Herve 4638120 Hale et al. 4652698 Mollier et al. 4656474 Matyas 4661658 Hirokawa 4672182 Davies 4679236 Wirstrom et al. 4691355 Kashkashian, Jr. 4700055 Watanabe 4709136 Yashida 4709137 Aaro et al. 4720859 Munck et al. 4723284 Oncken et al. 4725719 Yoshida 4736094 Daughters et al.. 4742215 Kruse et al. 4786790 Wright et al. 4802218 Igasawara. 4831245 Nakano. 4839504 Mori 4877947 Halpern 4877950 Wright et al. 4900903 Halpern 4906828 Benton et al. 4926325 Bestock et al. 4933971 Austin 4935962 Gorog 4947028 Collin 4992646 Yoshida 5012076 Collin 5030806 Donald et al. 5053956 Scwartz. 5093862 Mansvelt et al. 5175416 Iijima 5225664 Takagi et al. 5227613 Graves 5239166 Pailles et al. 5247578 Rossides 5269521 Chaum 5276736 Kuriyama 5285200 Iijima 5293029 Holtey et al. 5293424 Beller et al. 5299263 Vizcaino 5317636 Atalla et al. 5319710 Avarne 5323465 Lundstrom et al.. 5332889 Axelrod et al. 5337358 Barney et al. 5341426 Goldfine et al. 5343529 Molva et al. 5347580 Ohno 5355413 Gutowitz 5365589 Bocinsky, Jr. 5371797 Haber et al. 5373561 Scheidt et al. 5375169 Lundstrom et al.. 5378884 Larsson et al. 5379344 Ishiguro et al. 5396558 Yashida 5401950 Mihm, Jr. 5402490 Nevoux et al. 5412726 Aziz 5416842 Low et al. 5420926 Fischer 5422953 Akiyama et al. 5428684 Storck et al.. 5434395 Chaum 5434919 Augustine et al. 5440633 Bellovin et al. 5440635 Ishiguro et al. 5446796 Brown et al. 5455863 Claus 5461217 Eberhard 5473689 Kaufman et al. 5475763 Owens et al. 5481611 Denno et al. 5493613 Kaufman et al. 5497421 Ishiguro et al. 5502765 Clark 5517569 Augustine et al. 5524052 Taylor. 5530232 Davis et al. 5544086 Liang et al. 5548106 Hogan 5557516 Davis et al. 5559887 Taylor 5578808 Mark. 5583933 Pitroda 5590038 Davis, et al. 5596642 Campana et al. 5602915 Mueller 5602917 Dolan et al. 5604801 Aziz 5604803 Micali 5604804 Davis et al. 5633930 Newman et al. 5665951 Brands 5668878 Aditham et al. 5706349 Anderson et al. 5706442 Chelliah et al. 5710887 Everett et al. 5715431 Deo et al. 5721781 Drerup 5740364 Dillaway et al. 5742756 Wagner 5742845 Rosen 5745886 Nishioka et al. 5754656 Rosen 5774553 Watanabe, et al. 5774884 Jones et al. 5778067 Caputo 5778071 Fox et al. 5790677 Paradinas, et al. 5796831 Rosen 5799087 Tago 5864829 Pitroda 5884271 Ginter et al. 5892900 Chew 5901303 Rosen 5920629 Corder, et al. 5936221 Rosen 5953423 Rosen 5963648 Williams et al. 5963924 Kumomura 5963926 Rosen 5978485 Turk, et al. 5983207 Nakano, et al. 5987438 Wissenburgh, et al. 5991412 Rowney et al. 5996076 Kawan 6012049 Brennan 6014648 Williams et al. 6016484 Demers, et al. 6021399 Bombard, et al. 6023508 Molano et al. 6032135 Barlow, et al. 6038551 Fleischl, et al. 6038552 Rosen 6047067 Biffar 6047269 Thomas 6064988 Teicher 6065675 Teicher 6076075 Schenkler 6078902 Davis, et al. 6105008 Davis et al. 6105008 Morrison, Jr. 6105011 Weiss, et al. 6131810 Jonstromer 6142369 Lee-Wai-Yin 6167387 Moran, et al. 6185542 Husemann, et al. 6192349 Heinzle, et al. 6199046 Biffar 6205435 Rosen 6205436 Mori, et al. 6223169 Chan et al 6233683 Keathley et al. 6247129 Shiobara, et al. 6266653 Davis et al. 6282522 Nagata, et al. RE32,985 Takahashi Re33571 Mansvelt et al. Re36788

[0126] Other References

[0127] 1. Alfred R. Berkeley,III, “Nasdaq's Technology Floor: Its President Takes Stock”, IEEE Spectrum 1997.

[0128] 2. Applications in the banking and financial sector, Ch. 6, pp. 73-81, no date.

[0129] 3. Ascom Autelca AG, “Opposition (3)”, Sep. 26, 1995, EPO.

[0130] 4. Baldwin, et al., “Locking the E-Safe”, IEEE Spectrum February 1997.

[0131] 5. Bank Cards—Magnetic Strip Data Content For Track 3, 1987, International Standard, ISO 4909 Second Edition.

[0132] 6. Beutelspacher, et al. Payment Applications with Multifunctional Smart Cards, 1989, Smart Card 2000.

[0133] 7. Brian Santo, “Bill-paying put on line”, Mar. 20, 1995, Electronic Engineering Times.

[0134] 8. Cabinet Hirsch, Appeal of European Patent EP 0 421 808, Oct. 19, 1998, European Patent Office.

[0135] 9. Carol H. Fancher, “Smart Cards as Potetial Applications Grow, Computers in the Wallet are Making Unobstrusive Inroads”, August 1996, Scientific American Website.

[0136] 10. Carol Hovenga Fancher, “In Your Pocket Smartcards”, IEEE Spectrum Feb. 1997.

[0137] 11. Cash .TM. Secure Internet Payment Service .TM. “CyberCash's Secure Internet Payment Services”, CyberCash, Inc., Reston, Va. 22091.

[0138] 12. Cash.TM. Secure Internet Payment Service.TM. “CyberCash's Secure Internet Payment Services”, CyberCash, Inc., Reston, Va. 22091.

[0139] 13. Chaum et al., “SmartCard 2000: The Future of IC Cards”, Oct. 19, 1987, Elsevier Science Publishers, B. V.

[0140] 14. Chip Card News Intamic, December 1988, No. 26., including 3 articles.

[0141] 15. Chip Card News, Aprril 1983, No. 5.

[0142] 16. David Chaum, et al., “Minting Electronic cash”, IEEE Spectrum Feb.1997.

[0143] 17. David Chaum, Provacy Protected Payments Unconditional Payer and/or Payee Untraceability, 1989, Smart Card 2000.

[0144] 18. David Naccache, “Cryptographic Smart Cards”, Jun. 3, 1996, IEEE Micro 1966 Website.

[0145] 19. Deutsche Telekom AG; “Opposition (2)”, Sep. 26, 1995, EPO.

[0146] 20. Edward W. Kelley, Jr., “The Future of Electronic Money: A Regulator's Perspective”, IEEE Spectrum, February 1997.

[0147] 21. Elkington and Fife, “Patentee's Statement”, Feb. 19, 1998, EPO.

[0148] 22. Elkington and Fife, “Response to the Communications of Notices of Opposition dated Mar. 1, 1996”, Sep. 13, 1996, EPO.

[0149] 23. EPO Opposition Division, “Annex to Summons”, Oct. 16, 1997.

[0150] 24. EPO Opposition Division, “Minutes of Oral Proceedings”, Jun. 15, 1998, EPO. 25. EPO Opposition Division, Annex to Summons, Reference No. RAL/014/F6658, Application No. 90310934.6-2207/0421808, Mansvelt, Andre Peter, et al., Oct. 16, 1997.

[0151] 26. EPO Opposition Division, Interlocutory Decision in Opposition Proceedings, Jun. 15, 1998, EPO.

[0152] 27. EPO, PCT International Search Report, PCT/US 98/08806, Aug. 24, 1998, (4 pages). 28. Financial Information Systems, Report from the Financial Committee of the IC Card Study Group, “Usage and Standardisation of IC Cards in Finance”, Financial Information Systems Centre (FISC) Foundation, No. 18, 1986.

[0153] 29. Financial transaction Cards-Security Architecture of Financial Transaction System Using Integrated Circuit Cards—Part 1: Card Life Cycle, Sep. 15, 1991, International Standard, ISO 1020-1, First Edition.

[0154] 30. Gemplus: A Brief History, Gemplus SA; Gemenos, France;http://www.gemphus.com/company-overview,html, No Date.

[0155] 31. Giesecke & Devrient GmbH, “Opposition (4)”, EPO.

[0156] 32. Hawkes et al., “Integrated Circuit Cards, Tags and Tokens”, 1990, BSP Professional Books. 33. Herbert F. W. Schramm, “POS-Banking mit Chipkarten,” 1987, Geldinstitute No. 1, pp. 70-71. (English translation included).

[0157] 34. Hiro Shogase, The Very Smart Card: A Plastic Packet Bank:, October 1988, IEEE Spectrum.

[0158] 35. Howard Anderson, “Money and the Internet: A Strange New Relationship” IEEE Spectrum 1997.

[0159] 36. Identification Card System—Inter-Sector Electronic Purse Part 3: Data Elements and Interchanges, 1994, European Prestandard, prEN 1546-3.

[0160] 37. Identification Card System—Inter-Sector Electronic Purse Part 4: Devices, 1994, European Prestandard, prEN 1546-4.

[0161] 38. Identification Card Systems—Inter-Sector Electronic Purse Part 1: Concepts and Structures, 1994, European Standard, PrEN 1546.

[0162] 39. Identification Card Systems—Intr-Sector Electronic Purse Part 2: Security Architecture, 1994, European Standard, prEN XXXXX-2.

[0163] 40. Identification Cards—Contactless Integrated Circuit(s) Cards—Part 1: Physical Characteristics, 1992, International Standard, ISO/IEC 10536-1, First Edition.

[0164] 41. Identification Cards—Contactless Integrated Circuit(s) Cards—Part 2: Dimensions and Location of Coupling Aresa, 1995, International Standard, ISO/IEC 10536-2, First Ed.

[0165] 42. Identification Cards—Contactless Integrated Circuit(s) Cards—Part 3: Electronic Signals and Reset Procedures, 1996, International Standard, ISO/IEC 10536-3, First Edition.

[0166] 43. Identification Cards—Financial Transaction Cards Amendment 1 1996, International Standard, ISO/IEC 7813, Fourth Eiditon.

[0167] 44. Identification Cards—Financial Transaction Cards, 1990, International Standard, ISO/IEC 7813, Third Edition.

[0168] 45. Identification Cards—Integrated Circuit(s) Cards With Contacts Part 1: Physical Characteristics, 1987, International 46. Standard, ISO 7816-1, First Edition.

[0169] 47. Identification Cards—integrated Circuit(s) Cards With Contacts Part 2: Dimensions and Location of the Contacts, 1988, International Standard ISO 7816-2, First Edition.

[0170] 48. Identification Cards—integrated Circuit(s) Cards With Contacts Part 3: Electronic Signals and Transmission Protocols, International Standard, ISO/IEC 7816-3, First Edition.

[0171] 49. Identification Cards—integrated Circuit(s) Cards with Contacts Part 4: Inter-Industry Commands for Interchange, International Standard, ISO/IEC 7816-4, First Edition.

[0172] 50. Identification Cards—Integrated Circuit(s) Cards With Contacts Part 5: Numbering System and Registration Procedure for Application Identifiers, 1993, International Standard, ISO/IEC DIS 7816-5.

[0173] 51. Identification Cards—Physical Characteristics, 1995, International Standard, ISO/IEC 7810, Second Edition.

[0174] 52. Identification Cards—Recording Technique—Part 1: Embossing, 1995. International Standard, ISO/IEC 7811-1, Second Edition.

[0175] 53. Identification Cards—Recording Technique—Part 2: Magnetic Strip, 1995, International Standard, ISO/IEC 7811-2, Second Edition.

[0176] 54. Identification Cards—Recording Technique—Part 3: Location of Embossed Characters on ID-1 Cards, 1995, International Standard, ISO.IEC 7811-5, Second Edition.

[0177] 55. Identification Cards—Recording Technique—Part 4: Location of Read-Only Magnetic Tracks—tracks 1 & 2, 1995 International Standard, ISO/IEC 7811-4, Second Edition.

[0178] 56. Identification Cards—Recording Technique—Part 5: Location of Read-Write Magnetic Track—Trck 3, 21995, International Standard ISO.IEC 7811-5, Second Edition.

[0179] 57. Identification Cards—Recording Technique—Part 6: Magnetic Stripe-High Coercivity, 1996, International Standard, ISO/IEC 7811-6, First Edition.

[0180] 58. International Cards—Integrated Circuit(s) Cards With Contacts Part 6: Inter-Industry Data Elements, 1995, International Standard, ISO/IEC DIS 7816-6.

[0181] 59. Jerome Svigals, “Smart Cards, The New Bank Cards,” 1987, MacMillan Publishing Company, New York, Revised Edition, Chapter 2 “Smart Cards for Financial Transactions,” p. 60.

[0182] 60. Jerome Svigals, “SmartCards The New Bank Cards”, 1985, MacMillan Publishing Company.

[0183] 61. Jerome Svigals, “SmartCards The Ultimate Personal Computer”, 1985, MacMillan Publishing Company.

[0184] 62. Klunker Schmitt-Nilson Hirsch, “Appeal of European Patent EP 0 421 808”, Oct. 19, 1998, European Patent Office.

[0185] 63. Koninklijke PTT Nederland N. V., “Opposition (6)”, EPO.

[0186] 64. La Carte A Micro-Calculateur Multi-Applications MP-ADF, Bull CP8: TD 0143F.01, August 1988. (English translation included).

[0187] 65. Leslie Marable, “A Test Moves Net-Based Bill Payment a Step Closer”, WebWeek, The Newspaper of Web Technology and Business Strategy, vol. Three, Issue Three, Feb. 3, 1997.

[0188] 66. Lynch et al., “Digital Money, The New Era of Internet Commerce”, Copyright .COPYRGT. 1996, John Wiley & Sons, Inc.

[0189] 67. Marvin A. Sirbu, “Electronic Payments—Credits and Debits on the Internet”, Carnegie Mellon University, IEEE Spectrum Feb. 1997.

[0190] 68. Michael C. McChesney, “Banking in Cyberspace: An Investment in Itself”, IEEE Spectrum 1997.

[0191] 69. Michael Waidner, Birgit Pfitzmann, “Loss-Tolerant Electronic Wallet”, 1991, Elsevier Science Publishers B. V.

[0192] 70. Mike Ter Maat, “The Economics of E-Cash”, IEEE Spectrum 1997.

[0193] 71. Notice of Appeal; Ref. PJF/CB/0665800P; date: Jul. 13, 1998; author: none; Publisher: European Patent Office.

[0194] 72. P. Remery et al., “Le paiement electronique”, 4, trimestre, 1988.

[0195] 73. Peter S. Gemmell, “Traceable E-Cash”, Sandia National laboratories, IEEE Spectrum Feb. 1997.

[0196] 74. Preussag AG, “Opposition (1)”, Sep. 27, 1995, EPO.

[0197] 75. Prof. Shimon Even, “Secure Off-line Electronic Fund Transfer Between Nontrusting Parties”, Smart Card 2000, 1989.

[0198] 76. References to: INTERNET STORED VALUE CARD TRANSACTION SYSTEM

[0199] 77. Roy Bright, “Smart Cards: Principles, Practice, Application,” 1988, Ellis Horwood Limited, pp. 73-81, Ch. 6.

[0200] 78. S. Even et al., “Electronic Wallet,” June 1983. 79. Santo, Brian; “The NetBill Electronic Commerce Project”, Mar. 20, 1995: pp 1-14 Electronic Engineering Times.*

[0201] 80. Schlumberger Industries SA, “Opposition (5)”, EPO.

[0202] 81. Siemens Short Form Catalog: Integrated Circuit Division 1995/1996; http://www.allianet.com/siemens/catalog/08.html.

[0203] 82. Stanley E. Morris, “Crime and Prevention: A Treasury Viewpoint”, IEEE Spectrum Feb. 1997.

[0204] 83. Steven Levy, “E-Money (That's What I Want)”, December 1994, Wired Magazine.

[0205] 84. Steven M. H. Wallman, “Technology Takes to Securities Trading”, IEEE Spectrum 1997.

[0206] 85. Tekla S. Perry, “Electronic Money: Toward a Virtual Wallet”, IEEE Spectrum, Feb. 1997.

[0207] 86. The Smart Card Cyber Show, Analyses Et Synthesis; Paris, France; No Date; http://www.cardshow.com/industry/CP8Transac.

[0208] 87. To Probe Further, Special Issue, IEEE Spectrum 1997.

[0209] 88. von W. Ott et al., “Kartenanwendungen im Fernmeldewesen,” Der Fernmelde-lngenieur, August/September 1989, pp. 64-70. (English translation included).

[0210] 89. Waidner, et al., Loss-Tolerant Electronic Wallet, 1991, Smart Card 2000.

[0211] 90. Yrjonen et al., Chip Cards—Bank Notes of the Future, Paper to be presented at ESCAT 1988, Sep. 5-7, Helsinki, Finland.

[0212] 91. Zoreda et al., “Smart Cards”, 1994, Artech House.

DRAWINGS

[0213] Figures

[0214]FIG. 1 is a schematic illustration of a payment system according to the preferred embodiment of the invention.

[0215]FIG. 2 is a schematic illustration of a payment system according to an alternate embodiment of the invention.

[0216]FIG. 3 is a simplified block diagram illustrating a payment process according to one embodiment of the invention.

[0217]FIG. 4 is a schematic diagram that illustrates one embodiment of a system according to the present invention that comprises a data storage media read/write device of the present invention data storage media.

[0218]FIG. 5 is a simplified block diagram illustrating of a payment system according to an alternate embodiment of the invention.

[0219]FIG. 6 is a simplified block diagram illustrating of a payment system according to an alternate embodiment of the invention.

REFERENCE NUMERALS

[0220]100 Payer

[0221]200 Data storage media in the form of a payment card

[0222]210 Optional communication unit of 200

[0223]220 Optional security unit of 200

[0224]222 Optional decryption unit of 200

[0225]224 Optional encryption unit of 200

[0226]230 Optional ID unit of 200

[0227]232 Optional card issuer data unit of 200

[0228]234 Optional cardholder data unit of 200

[0229]236 Optional card data unit of 200

[0230]240 Optional programming unit of 200

[0231]250 Optional application unit of 200

[0232]252 Example application 1 of 200

[0233]254 Example application 2 of 200

[0234]300 Data storage read/write device in the form of a card read/write device

[0235]310 Optional communication unit of 300

[0236]320 Optional security unit of 300

[0237]322 Optional decryption unit of 300

[0238]324 Optional encryption unit of 300

[0239]330 Optional data unit of 300

[0240]331 Optional authorization database of 300

[0241]332 Optional limited-use credit card number database of 300

[0242]340 Optional programming unit of 300

[0243]350 Optional application unit of 300

[0244]360 Optional ID unit of 300

[0245]362 Optional card reader data unit of 300

[0246]364 Optional card reader provider data unit of 300

[0247]400 Payer's computing device

[0248]500 Network

[0249]600 Bank/service provider/payment processor

[0250]700 Payee

[0251]1000 Start of payment process

[0252]2000 Process activation

[0253]3000 Entering transaction information

[0254]4000 Card validation

[0255]5000 Prompting user

[0256]6000 Transaction request

[0257]7000 Display transaction verification

[0258]8000 Transaction verification

[0259]9000 Value transfer

[0260]10000 Limited credit card number issuance

[0261]11000 End payment process

DETAILED DESCRIPTION OF DRAWINGS

[0262]FIG. 1 is a schematic illustration of a payment system according to the preferred embodiment of the invention.

[0263] When a user (100) whishes to make a secure payment over a network such as the Internet (500), a stored value card (200) is inserted into a card read/write device (300) which is coupled to said network, optionally through a computer (400). A connection is made to a payment processor such as a bank (600) and information about the desired transaction—such as the amount—is provided to the payment processor. After verification of the transaction information and validation of the inserted stored value card, the agreed amount and optionally a transaction fee and(or other fees are deducted from the stored value card and transferred over a network to the payment processor or an acquirer (step 1). The user (100) is in turn provided with a limited use credit card number (step 2), with an expense limit corresponding to the amount that was deducted from the user's stored value card (optionally less transaction fees) and optionally a limited lifespan, such as an hour or a day. The user then completes the transaction by providing said limited use credit card number to the payee (700) (step 3) after which the goods or services can be provided to the user (step 4). Any payment system of the prior art using limited-use or anonymous credit card numbers and/or limited-use or anonymous account numbers can optionally be used as part of the present invention to provide a limited-use credit card—or account number to the user as step 10000 of FIG. 3 or alternate embodiments of the invention. One example of such prior art is US Patent application 2001/0047335 A1 (in the following referred to as “335 A1”), Arndt et al. In “335 A1” a limited-use credit card number is generated by a user using a number generating device. Used with the present invention the number generating device of “335 A1” would be used in step 10000 of FIG. 3 to provide a limited use credit card number to the user with a spending limit corresponding to the transferred from a stored value card in step 9000. A plurality of examples of payment systems of the prior art that can be used with the present invention is disclosed above under “Description of prior art” all of which are comprised herein in its entirety by reference.

[0264] Operation of the Preferred Embodiment

[0265]FIG. 3 is a simplified block diagram illustrating a payment process according to the preferred embodiment of the invention.

[0266] In step 1000 a user locates goods or service over a network such as the Internet. When the user is ready to make a secure payment, the payment process is activated by said user (step 2000). Said payment process can be activated in a plurality of ways, such as by a mouse click on an icon on a computer desktop, the push of a button on a payment device, the use of a remote control, by entering a specific website etc. In the preferred embodiment of the invention, the user activates the payment process by clicking on an icon on a computer screen. After the payment process has been activated, the user is prompted to enter information regarding the desired transaction (3000). In the preferred embodiment the user is only asked to provide the desired amount for the transaction. In other embodiments of the invention the user can be required to provide other—or additional information, and the smart card can optionally be protected by a PIN code or a password. In step 4000 a validation of the inserted smart card is performed to control that the inserted card is of an authorized type, that the card contains sufficient funds to make the transaction, that the card has not expired or been reported stolen etc. If the card is not valid an error message is displayed to the user (4500) and the user is prompted to insert a valid card (5000).

[0267] Other embodiments of the present invention utilize software programs, to automate some or all of the payment process. One example is a web browser plug in—or an actual web browser application, which automatically detects, when a user is on a web merchant's check out page, if desired prompts the user to activate the payment process, deducts the stored value from the user's card, receives the limited use credit card number from the service provider—or receives a released stored limited use credit card number from a card or a reader, and automatically passes on the limited use credit card number to the web merchant. The individual card issuers and service providers decide which levels of security and user verifications are needed in the above described automatic process.

[0268] In step 6000 a request is send to a payment processor or a payment service provider (for the sake of simplicity the payment processor is referred to as the bank in the following). Said request can be send to the bank in a plurality of ways. In the preferred embodiment the request to make a secure payment is send to the bank via the Internet. When the bank receives the request to make a secure payment, a message is displayed asking the user to verify the transaction information (step 7000). I the user does not verify the transaction information in step 8000, the process is interrupted, and the user is referred to step 3000. If the user in step 8000 confirms that the transaction information is correct, the agreed amount is deducted from the user's card and transferred to the payment processor (step 9000). In alternate embodiments of the invention, the deducted value is not transferred to the payment processor, but simply erased from the user's card or put in a separate holding area of the account for later collection.

[0269] When the payment processor has received the payment, a limited use credit card number is issued and provided to the user (step 10000). The user in turn provides said limited credit card number to the payee (step 11000).

[0270]FIG. 2 is an alternate embodiment of FIG. 1. Part of the transaction information that is send to the service provider (600) in step 1, is information regarding the payee's website such as an URL and information about the current session. After the service processor (600) has received payment from the payer (100) the limited use credit card number is directed to the payee, using the information that was submitted to the service provider in step 1. The payee can optionally allow service providers to automatically fill out the required information such as credit card number and expiration date.

[0271]FIG. 4 is a schematic diagram that illustrates one embodiment of a system according to one embodiment of the present invention that comprises a data storage media read/write device and a data storage media. In the embodiment that is illustrated a smart card and a smart card reader is used to illustrate the system. Each element of the smart card and of the reader is further described in the following:

[0272] Data Storage Media

[0273] A data storage media according to one embodiment of the present invention comprises:

[0274] A smart card 200 further comprising:

[0275] A. An optional communication unit 210;

[0276] B. A optional security unit 220 that comprises a decryption unit 222 and encryption unit 224;

[0277] C. An optional ID unit 230 that comprises a card issuer data unit 232, a card holder data unit 234 and a card data unit 236;

[0278] D. An optional programming unit 240;

[0279] E. An optional application unit 250 that comprises at least one application 252.

[0280] A description of each unit of the smart card is included in the following:

[0281] A. The Communication Unit 210

[0282] The communication unit of the card 200 comprises means for communicating with the communication unit 310 of the card reader 300. In the preferred embodiment of the invention the communication between the card and the card reader is done by establishing a connection between a contact pad comprised on the surface of the smart card and a contact element comprised on the card reader. Such connection between the contact pad of the card and the contact elements of the card reader is established by inserting the smart card into a card insertion slot comprised in the card reader.

[0283] In other embodiments of the invention, other means of communication can be utilized, depending on what type of card is used. A contact-less smart card communicates with the corresponding card reader using wireless means of communication (and the card is not inserted into a card insertion slot, but held closely to the reader), a magnetic stripe card communicates with a corresponding magnetic stripe card reader etc.

[0284] In yet another embodiment of the present invention, a smart card is equipped with 2 contact pads, one of which is used to program the card reader, the other used for other purposes.

[0285] The prior art describes numerous ways of establishing communication between a card and a card reader, all of which can be used with the present invention.

[0286] B. The Security Unit 220

[0287] In the preferred embodiment of the present invention the security unit of the smart card 200 is used for encrypting and decrypting sensitive information. When a card is inserted into the card reader—or by other means coupled to the card reader, the security unit 220 can optionally cause the user to be prompted to enter a Personal Identification Number (PIN). In the preferred embodiment of the present invention, the card reader is compliant with the FINREAD specifications, and thus the reader comprises a keypad to allow a user to enter a PIN directly into the card reader, without the use of a computer keyboard.

[0288] The security unit then uses the decryption unit 222 to decrypt the encrypted PIN information stored in the card data unit 263, and performs a comparison between the entered PIN and the PIN stored on the card. Only if the 2 PINs match, the payment process is allowed to continue.

[0289] In alternate embodiments of the present invention, the PIN is not required and in yet another embodiment of the invention it is conceivable that the card reader is not equipped with a keypad, but for example requires the user to enter a PIN using a computer keyboard.

[0290] C. The ID Unit 230

[0291] According to the preferred embodiment of the present invention, every card must comprise identification information that is used to determine whether or not a card is authorized for use with a particular card reader. An Answer To Reset command is send to the card, which in turn replies with the cards identification information. The ISO 7816 standard describes one suitable card identification system for use with the present invention. Other card identification systems could also be used with the present invention.

[0292] Certain data comprised in the ID unit 230 of the smart card 200 can optionally be required to meet certain criteria stored in an optional data unit 340 of the card reader for successful operation to take place. Which specific criteria that must be met in order for a particular card to be authorized for use with a particular card reader, is determined by the card reader provider and/or the card issuer.

[0293] C.1. The Card Issuer Data Unit 232

[0294] In the preferred embodiment of the present invention, the ID unit comprises a card issuer data unit, which comprises data used to identify the card issuer. The Card Issuer (CI) data unit comprises at least one of the following fields:

[0295] CI ID number

[0296] CI name

[0297] CI street 1

[0298] CI street 2

[0299] CI city

[0300] CI zip

[0301] CI state

[0302] CI country

[0303] CI corporate phone number

[0304] CI corporate fax number

[0305] CI corporate website

[0306] CI corporate email address

[0307] CI support phone number

[0308] CI support fax number

[0309] CI support website

[0310] CI support email address

[0311] CI promotional website

[0312] The data in the Card Issuer data unit can be stored in either un-encrypted or encrypted form. In another embodiment of the present invention, the Card Issuer data unit comprises additional—or other fields, and in yet another embodiment the need for the ID Unit of a smart card to comprise a Card Issuer data unit can conceivably be eliminated.

[0313] C.2. The Card Holder Data Unit 234

[0314] In the preferred embodiment of the present invention, the Card Holder (CH) data unit comprises at least one of the following fields:

[0315] CH ID number

[0316] CH company ID number

[0317] CH company name

[0318] CH name

[0319] CH title

[0320] CH street 1

[0321] CH street 2

[0322] CH city

[0323] CH zip

[0324] CH state

[0325] CH country

[0326] CH private phone number

[0327] CH private fax number

[0328] CH private website

[0329] CH private email address

[0330] CH cell phone number

[0331] CH fingerprint image

[0332] CH head shape image

[0333] CH other biometric information (such as voice pattern or DNA information)

[0334] CH birth date

[0335] CH social security number

[0336] Other useful information

[0337] The data in the Card Holder data unit can be stored in either un-encrypted or encrypted format.

[0338] In another embodiment of the present invention, the Card Holder data unit comprises additional—or other fields, and in yet another embodiment the need for the ID Unit of a smart card to comprise a Card Holder data unit can conceivably be eliminated.

[0339] C.3. The Card Data Unit 236

[0340] In the preferred embodiment of the present invention, the Card data unit comprises at least one of the following fields:

[0341] Card ID number

[0342] Card expiration date

[0343] User PIN code (for accessing the card)

[0344] Admin PIN code (for programming the card)

[0345] User's security level (is he authorized to update the card etc.)

[0346] Card's security level (is a PIN needed to access the card, is BOTH a PIN and a fingerprint match needed etc.)

[0347] License information (information about limits in the number of uses or other license restrictions)

[0348] The data in the Card data unit can be stored in either un-encrypted or encrypted format.

[0349] In another embodiment of the present invention, the Card data unit comprises additional—or other fields, and in yet another embodiment the need for the ID Unit of a smart card to comprise a Card data unit can conceivably be eliminated.

[0350] D. The Programming Unit 240

[0351] The programming unit 240 is used to re-program—or update information comprised the smart card reader. Optionally it is conceivable that the programming unit 240 could also be used when re-programming or updating information on the smart card on which the programming unit is stored—or on a second smart card.

[0352] E. The Application Unit 250

[0353] In the preferred embodiment of the present invention, at least one of the following applications is provided on the smart card 200 and stored in the application unit 250:

[0354] Secure credit

[0355] Stored value

[0356] Electronic wallet

[0357] Insurance (such as proof of insurance and insurance records)

[0358] Medical records

[0359] Drivers license

[0360] Driving record

[0361] Electronic Tickets (such as public transit tickets, sports- and cultural events etc.)

[0362] Loyalty (such as frequent flyer programs, repeat customer awards, bonus programs etc.)

[0363] Electronic coupons (for example for shopping purposes)

[0364] Identification

[0365] Donor information (such as blood or organs)

[0366] PIN and/or password holder

[0367] A card issuer and the capacity of the card determine if more than one application is provided on the card. The present invention can be used with any application that can be stored electronically, and not only the few examples mentioned above. Similarly multi-application cards comprising any combination of applications can be used with the device, system and method of the present invention.

[0368] Card Reader 300

[0369] A data storage media read/write device according to one embodiment of the present invention comprises a card read/write device further comprising:

[0370] A. An optional communication unit 310;

[0371] B. An optional security unit 320 that comprises an optional encryption unit 324 and an optional decryption unit 322;

[0372] C. An optional data unit 330 that comprises an optional authorization database 331 and an optional limited-use credit card number database 332

[0373] D. An optional programming unit 340;

[0374] E. An optional application unit 350

[0375] F. An optional ID 360 unit that comprises an optional card reader data unit 362 and an optional card reader provider data unit 364;

[0376] A description of each unit of the card reader is included in the following:

[0377] A. The Communication Unit 310

[0378] The communication unit 310 of the card reader 300 comprises means for communicating with the communication unit 210 of the card 200. In the preferred embodiment of the invention the communication between the card and the card reader is done through establishing a physical connection between a contact pad comprised on the surface of the smart card and a contact element comprised on the card reader. Such physical connection between the contact pad of the card and the contact elements of the card reader is established by inserting the smart card into a card insertion slot comprised in the card reader.

[0379] In other embodiments of the invention, other means of communication can be utilized, depending on what type of card is used, as further described above under the description of the communication unit 210.

[0380] B. The Security Unit 320

[0381] In the preferred embodiment of the present invention the security unit 320 of the card reader 300 is used for decrypting encrypted data that is received from other sources or stored in other units of the card reader 300. Similarly the security unit is used for encrypting data before remitting it to other sources or before storing it in other units of the card reader.

[0382] C. The Data Unit 330

[0383] In one embodiment of the present invention, the data unit comprises an optional authorization unit 331 which comprises a non-volatile memory (such as a database) wherein data is stored that is used to match data received from other sources such as an ID unit 230 of a smart card 200.

[0384] The files and the fields of the authorization unit of one embodiment of the present invention could be:

[0385] Database File: Card Types

[0386] Card type ID

[0387] Card type name

[0388] Card issuer ID

[0389] Is card type allowed (yes/no)

[0390] Expiration date for card type

[0391] Card type license ID

[0392] Database File: Card Issuers

[0393] Card issuer ID

[0394] Card issuer name

[0395] Is card issuer allowed (yes/no)

[0396] Expiration date for card issuer

[0397] Card issuer license ID

[0398] Database File: Card Holders

[0399] Card Holder ID

[0400] Card Holder name

[0401] License ID

[0402] Database File: Card Holder Preferred Payment Method

[0403] Card Holder ID

[0404] Preferred Payment method

[0405] Database File: Card Holder Payment Options

[0406] Payment Option ID

[0407] Payment Option Description

[0408] Options (examples):

[0409] 1. Credit card

[0410] 2. Stored value card

[0411] 3. Check

[0412] b 4. Credit an account

[0413] b 5. Money transfer

[0414] 6. Online payment (such as Pay Pal etc.)

[0415] 7. Credit phone bill

[0416] 8. Credit other regular bill (such as Electrical bills, DirecTV, AOL, Magazine subscriptions, Internet subscriptions (such as those proposed according to Microsofts proposed Net strategy) or Internet access)

[0417] 9. Credit cell phone bill

[0418] 10. Credit pre-paid cell phone card

[0419] 11. Credit prepaid phone card

[0420] 12. Cash (at participating merchants or banks)

[0421] Database File: Card Holder Credit Cards

[0422] Card Holder ID

[0423] Credit card type ID

[0424] Expiration date

[0425] Credit card number

[0426] Database File: Card Holder Account information

[0427] Card Holder ID

[0428] Account type

[0429] Financial institution ID

[0430] Account number

[0431] Database File: Card Holder Billing information

[0432] Card Holder ID

[0433] Bill type

[0434] Bill issuer

[0435] Database File: Financial Institutions

[0436] Financial institution ID

[0437] Financial institution name

[0438] Financial institution SWIFT code

[0439] Other information about the institution (such as address, website etc.)

[0440] Database File: License Information

[0441] License ID

[0442] Apply to card types

[0443] Apply to card issuers

[0444] Number of allowed uses

[0445] Number of uses left

[0446] Allowed period begin

[0447] Allowed period end

[0448] The data unit 330 of the one embodiment of the card reader 300 further comprises a limited-use credit card number database 332. When a stored value is deducted from a card, a use can be granted access to one of a plurality of pre-loaded limited-use credit card numbers that can be stored in the data unit 330. The transaction information that is send to the bank along with the stored value that is deducted from the card contains information about which limited-use credit card number will be released for this transaction. Upon receiving the stored value, the banks authorizes the use of the limited-use credit card number for an agreed amount (such as the stored value that was transferred less a transaction fee). The limited-use credit card number can optionally be released upon the reader receiving a confirmation code from the bank.

[0449] The limited-use credit card numbers can equally be stored on a storage media such as a smart card to be released when a payment is made.

[0450] D. The Programming Unit 340

[0451] According to one embodiment of the present invention the programming unit 340 comprises a database that controls by whom and how the card reader can be programmed and/or updated with new data. Some example files and fields of such a database is given in the following:

[0452] Database File: Admin Security Level

[0453] Are user allowed to change security settings (yes/no)

[0454] Admin Security level ID

[0455] Database File: Possible Admin Security levels

[0456] Admin Security level ID

[0457] Admin Privilege Code

[0458] Database File: Admin Privilege Codes

[0459] Admin Privilege Code

[0460] Privilege Description

[0461] Options (examples):

[0462] 1. No restrictions

[0463] 2. Must provide PIN (or other input key)

[0464] 3. Must provide PIN OR Biometric authentication

[0465] 4. Must provide PIN AND Biometric authentication

[0466] 5. Must provide Biometric authentication

[0467] 6. Must have physical card with specific card ID present

[0468] 7. Must have specific card ID present AND provide PIN

[0469] 8. Must have specific card ID present AND provide PIN AND biometric authentication

[0470] Database File: Allowed Admin ID Numbers

[0471] Admin ID number

[0472] Database file: Admin ID

[0473] Admin ID number

[0474] Admin name

[0475] Admin PIN code

[0476] Registered Admin Card ID

[0477] Biometric info (such as unique identification information using fingerprint, head shape, DNA, Iris or Voice etc.)

[0478] E. The Application Unit 350

[0479] In one embodiment of the present invention the card reader 300 comprises an application unit 350 to handle the payment process of the present invention. The application unit can optionally comprise a plurality of different applications.

[0480] F. The ID Unit 360

[0481] In one embodiment of the present invention the card reader 300 comprises an optional ID unit 360 which comprises an optional card reader data unit 362 and an optional card reader provider data unit 364.

[0482] E. 1. Card reader data unit 362

[0483] The card reader data unit could comprise at least one of the following fields:

[0484] Card reader ID number

[0485] Card reader provider ID

[0486] Card reader manufacture code

[0487] Card reader manufacture date

[0488] Card reader Serial number

[0489] Card reader Model Identification

[0490] E. 2. Card Reader Provider Data Unit 2520

[0491] The card reader provider data unit could comprise at least one of the following fields:

[0492] Card reader provider ID

[0493] Card reader provider name

[0494] Other embodiments of the present invention require less memory space in the card and the reader, by reducing the number of files and/or fields in the various databases.

[0495] Other embodiments of the present invention does not require the use of databases, but stores authorization information and limited-use credit card numbers in the code of the programming unit 340 of the card reader 300, in the programming unit 240 of the card 200 or in other locations.

[0496] A simplified example of a code module (in pseudo code) used to control the release of limited-use credit card numbers to the user is illustrated in the following:

[0497] 1. Private Sub GetLimitedUseCreditCardNumber()

[0498] 2. ′REM This code is run when a confirmation code (ConfCode) is received from the bank

[0499] 3. ′REM The card in this example contains 3 limited-use credit card numbers

[0500] 4. ′REM ConfCode for this example is an integer between 1 and 3.

[0501] 5. ′REM The bank keeps track of which numbers have already been used.

[0502] 6.

[0503] 7. UseNumber=ConfCode

[0504] 8.

[0505] 9. CCNumber=Array(4635504941073001,4635504941073002,4635504941073003)

[0506] 10.

[0507] 11. MsgBox “Your limited use credit card number is:” & CCNumber(UseNumber)

[0508] 12.

[0509] 13. End Sub

[0510] When all limited-use credit card numbers have been used, the bank can optionally offer to provide the user with a new set of limited-use credit card numbers.

[0511] The limited-use credit card number can optionally be provided by the bank each time a transaction is requested or the bank can provide means for generating said limited use credit card numbers at the user's end as described above and in the prior art.

[0512] A simplified example of a code module (in pseudo code) used to control which card are authorized for use with the device of the present invention is illustrated in the following:

[0513] 0. Private Sub CheckCard ()

[0514] 1. X=3

[0515] 2. AuthorizedCardIssuerID=Array(“American Express” “Visa”, “Mastercard”)

[0516] 3. LicenseExpirationDates=Array(010102, 010102, 010102)

[0517] 4.

[0518] 5. NumberOfAuthorizedCards=X

[0519] 6. AccessGranted=False

[0520] 7.

[0521] 8. For CycleCount=1 to X

[0522] 9. If UserCard.CardissuerID=AuthorizedCardlssuerID(CycleCount) and_(—)

[0523] 10. UserCard.CardExpirationDate >=LicenseExpirationDates(CycleCount) then

[0524] 11. AccessGranted=true

[0525] 12. Exit For

[0526] 13. End if

[0527] 14. Next CycleCount

[0528] 15. End Sub

[0529] If for example a new card issuer must be added to the list of authorized card issuers, the programming unit would only need to correct the value of X in line 1., append the new AuthorizedCardissuerID to the string in line 2., and append the corresponding LicenseExpirationDate (if any) in line 3.

CONCLUSIONS, RAMIFACTIONS AND SCOPE

[0530] Conclusion

[0531] It will be apparent to the reader that the payment system and the device of the invention provides a highly secure payment process that drastically reduces the risk of credit card fraud. Furthermore the invention facilitates the use of electronic storage media such as smart cards as payment devices over networks such as the Internet, by providing a solution that does not require payees to invest in additional infrastructure or add additional services to enable user's to make secure stored value payments over a network.

[0532] Ramifications

[0533] Although the preferred embodiment of the present invention comprises an electronic data storage media read/write device in the form of a smart card reader, any other device which comprises means for reading data from and/or writing data to electronic storage media can be used with the present invention. A few examples of such devices are mentioned below:

[0534] TV set top boxes

[0535] Personal Digital Assistants (PDA's)

[0536] Cell phones

[0537] Payment terminals

[0538] Point Of Sale terminals (POS)

[0539] ATM's

[0540] Although the preferred embodiment of the present invention uses an electronic data storage media in the form of a smart card to transfer funds to a bank prior to receiving a limited-use credit card number, any other payment means can be used with the present invention to satisfy the conditions that is required for the bank to provide a limited-use credit card number. A few examples of such payment methods are mentioned below:

[0541] The transaction amount can be debited or credited a user's account with a financial institution The transaction amount can be billed separately to the user or included on existing bills (telephone bills, utilities bills, cable—or satellite TV bills, Internet access bills etc.) The transaction amount can be deducted from a prepaid phone card The transaction amount can paid for by providing a cell phone number—and adding the amount to the monthly bill or deducting the amount from a prepaid cell phone account or card.

[0542] Not only smart cards, but any electronic data storage media can be used with the present invention, as previously described in this application under the “Terminology” section.

[0543] Scope

[0544] Various changes to the foregoing described and shown methods and devices and corresponding structures would now be evident to those skilled in the art. It is to be understood, however, that even though numerous characteristics and advantages of the present invention have been set forth in the foregoing description, together with details of the structure and function of some embodiments of the invention, the disclosure is illustrative only, and changes may be made in detail, especially in matters of shape, size, and arrangement of parts within the principles of the invention to the full extent indicated by the broad general meaning of the terms in which the appended claims are expressed. 

I claim:
 1. A method for making electronic transactions comprising the steps of: deducting stored value from a data storage media; providing a limited-use credit card number
 2. A method according to claim 1 further comprising: transferring said deducted stored value over a network to a service provider
 3. A method according to claim 1 wherein said transaction is conducted over a network.
 4. A method according to claim 3 wherein said network is selected from a group comprising: Internet; Cable TV networks; Satellite networks; Telephone networks; Cell phone networks; Wireless networks; AOL; Compuserve; Corporate intranets; Other proprietary networks; Other public networks;
 5. A method according to claim 3 wherein said data storage media is selected from a group comprising: Bar code card; CD-ROM; Citizen card; Compact Disc; Compact Flash card; Contact smart card; Contact-less smart card; DVD; Floppy disks; Hard disks; IC cards; Loyalty program card; Magnetic stripe card; Memory chip; Memory module; Memory stick; Mini disk; Payment card; PC cards; Phone card; RAM module; SIM card; Micro SIM card; Smart Media card; Stored value card; Tapes; Zip disks; Access cards; Election cards; Electronic books; Identification cards; USB dongle Token devices Cell phones
 6. A method according to claim 1 wherein said data storage media is selected from a group comprising: Bar code card; CD-ROM; Citizen card; Compact Disc; Compact Flash card; Contact smart card; Contact-less smart card; DVD; Floppy disks; Hard disks; IC cards; Loyalty program card; Magnetic stripe card; Memory chip; Memory module; Memory stick; Mini disk; Payment card; PC cards; Phone card; RAM module; SIM card; Micro SIM card; Smart Media card; Stored value card; Tapes; Zip disks; Access cards; Election cards; Electronic books; Identification cards; USB dongle Token devices Cell phones
 7. A method according to claim 1 wherein said limited-use credit card number is provided by means selected from a group comprising: transferring said limited-use credit card number over a communication network; providing means for generating said limited-use credit card number at the user end; releasing a limited-use credit card number that is stored in a data storage media; releasing a limited-use credit card number that is stored in a data storage media read/write device;
 8. A device for making stored value transactions which comprises: means for writing/reading information to/from data storage media; means for deducting a stored value from a data storage media; means for receiving a limited-use credit card number; means for providing said limited-use credit card number to a third party;
 9. A device according to claim 8 further comprising means for transferring said deducted stored value to a payee;
 10. A device according to claim 8 wherein said data storage media is selected from a group comprising: Bar code card; CD-ROM; Citizen card; Compact Disc; Compact Flash card; Contact smart card; Contact-less smart card; DVD; Floppy disks; Hard disks; IC cards; Loyalty program card; Magnetic stripe card; Memory chip; Memory module; Memory stick; Mini disk; Payment card; PC cards; Phone card; RAM module; SIM card; Micro SIM card; Smart Media card; Stored value card; Tapes; Zip disks; Access cards; Election cards; Electronic books; Identification cards; USB dongle Token devices Cell phones 